GO-2024-2859: source-controller leaks Azure Storage SAS token into logs in github.com/fluxcd/source-controller

registry

package

v1.2.3 Latest Latest Go to latest Published: Dec 14, 2023 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/fluxcd/source-controller

Links

Open Source Insights

Documentation ¶

Index ¶

func AuthAdaptHelper(auth authn.Authenticator) (registry.LoginOption, error)
func ClientGenerator(tlsConfig *tls.Config, isLogin, insecureHTTP bool) (*registry.Client, string, error)
func KeychainAdaptHelper(keyChain authn.Keychain) func(string) (registry.LoginOption, error)
func LoginOptionFromSecret(registryURL string, secret corev1.Secret) (authn.Keychain, error)
func NewLoginOption(auth authn.Authenticator, keychain authn.Keychain, registryURL string) (registry.LoginOption, error)
func TLSLoginOption(certFile, keyFile, caFile string) registry.LoginOption

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AuthAdaptHelper ¶ added in v0.31.0

func AuthAdaptHelper(auth authn.Authenticator) (registry.LoginOption, error)

AuthAdaptHelper returns an ORAS credentials callback configured with the authorization data from the given authn authenticator. This allows for example to make use of credential helpers from cloud providers. Ref: https://github.com/google/go-containerregistry/tree/main/pkg/authn

func ClientGenerator ¶

func ClientGenerator(tlsConfig *tls.Config, isLogin, insecureHTTP bool) (*registry.Client, string, error)

ClientGenerator generates a registry client and a temporary credential file. The client is meant to be used for a single reconciliation. The file is meant to be used for a single reconciliation and deleted after.

func KeychainAdaptHelper ¶ added in v0.31.0

func KeychainAdaptHelper(keyChain authn.Keychain) func(string) (registry.LoginOption, error)

KeyChainAdaptHelper returns an ORAS credentials callback configured with the authorization data from the given authn keychain. This allows for example to make use of credential helpers from cloud providers. Ref: https://github.com/google/go-containerregistry/tree/main/pkg/authn

func LoginOptionFromSecret ¶

func LoginOptionFromSecret(registryURL string, secret corev1.Secret) (authn.Keychain, error)

LoginOptionFromSecret derives authentication data from a Secret to login to an OCI registry. This Secret may either hold "username" and "password" fields or be of the corev1.SecretTypeDockerConfigJson type and hold a corev1.DockerConfigJsonKey field with a complete Docker configuration. If both, "username" and "password" are empty, a nil LoginOption and a nil error will be returned.

func NewLoginOption ¶ added in v1.1.0

func NewLoginOption(auth authn.Authenticator, keychain authn.Keychain, registryURL string) (registry.LoginOption, error)

NewLoginOption returns a registry login option for the given HelmRepository. If the HelmRepository does not specify a secretRef, a nil login option is returned.

func TLSLoginOption ¶ added in v1.1.0

func TLSLoginOption(certFile, keyFile, caFile string) registry.LoginOption

TLSLoginOption returns a LoginOption that can be used to configure the TLS client. It requires either the caFile or both certFile and keyFile to be not blank.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL